TrapX Technology Uses Deception to Ensnare Attackers

TrapX received a $9 million injection of fresh capital to help fund its deception-based technologies, which are designed to lure and trap attackers.

The idea of using a honeypot, a deliberately attractive and vulnerable server, as a way to trap attackers is not new, but it's a concept that security vendor TrapX is aiming to expand upon with its deception-based technology platform.

TrapX announced July 10 that it raised $9 million in Series B funding from Intel Capital, Liberty Israel Venture Fund, BRM Group and Opus Capital. Total funding to date for TrapX stands at $14 million.
The new funds are earmarked to help accelerate growth and finance research and development, said Greg Enriquez, CEO of TrapX. "The company is growing globally because deception technology is a priority for many security teams around the world," Enriquez told eWEEK. "Our deception technology offers a different approach to combating advanced threats and gives security teams visibility inside a network once an attacker has breached the perimeter."
TrapX's deception technology works as a combination of on-premises and cloud-based applications, Enriquez explained. At the core of the platform is a lightweight emulation engine that looks to an attacker like a regular operating system.
"Then we can put spin data on top of the operating system emulation and attract the attacker into the deception grid," Enriquez said. "Historically, honeypots and other deception technologies have used full operating systems that have to be managed, patched and monitored, whereas we have automated the deployment and management processes to help users identify and learn about attacks."

The spin data is any data that might make the deception servers an interesting target for an attacker. For example, data could be labeled as "employee information" or "credit card numbers" as a way to attract an attacker.

The TrapX Security Operation Console (TSOC) management component of the platform runs in the cloud, while the actual traps run on-premises in an enterprise environment. An organization can deploy the trap as a virtual machine or deploy a physical server to use as the platform for the deception traps. Enriquez added that an organization that also wants to run the traps in the cloud can do that as well.
From a remediation perspective, Enriquez explained that TrapX will draw an attacker into the deception and then get information about the exploits and code the attackers are attempting to inject and modify. That security information can then be shared with other security tools within an organization, including firewalls and intrusion prevention systems (IPSes), to defend against the risk.
"So we make your security environment smarter once we catch something," Enriquez said.
With TrapX, the core platform is itself, by default, a deception and is insecure, which is what enables an attacker to exploit the environment in the first place.
TrapX isn't likely the first place an attacker will actually be in an organization's network, Enriquez said. The TrapX technology is deployed inside an organization's network and is effective at helping to detect attackers already in the network.
"The deception environment looks very vulnerable to the attacker as we want to be a decoy," Enriquez said. "Usually, when an attacker is in an organization's network, they have come in via another attack and have already infected a server or workstation in an IT environment and are moving laterally behind the network perimeter."
Enriquez said that as he tries to build out and grow TrapX, the biggest challenge is getting the word out so that organizations learn what his company does and where it fits into the security landscape.
"Deception is complementary to existing security technologies, and it's effective at giving organizations visibility where they don't have visibility today," Enriquez said. "Many organizations that have been breached have good security teams, but the bad guys still get in. With our solution, we want to add something that makes the rest of an organization's security products stronger."
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.